This document provides an introduction to security testing and ethical hacking. It emphasizes that security testers need basic networking knowledge, an understanding of the web application lifecycle, and a hacker's mindset of curiosity. Most of the work involves manual testing for vulnerabilities like SQL injection and XSS rather than relying on automated tools. Thorough documentation of testing results is also important to provide clear remediation suggestions to developers.

1. INTRODUCTION TO SECURITY
TESTING
OR
ETHICAL HACKING
http://solidmonster.wordpress.com

2. BEFORE YOU START!
 Basic knowledge on networking.
 Life cycle of a web application.
 Dedicated mindset of an hacker
 Open mind with curiosity to learn new things.
 Don’t depend completely on tools, tools can never replace a
human(Security Tester)
 Be ready for anything as you might go to jail if your actions are
affected by 3rd party companies or government rules and regulations.
 Do not access or do penetration testing on networks which you are
not authorized to or for which you don’t have permission to do so.
http://solidmonster.wordpress.com

3. SECURITY TESTING
Is it only Hacking ?
http://solidmonster.wordpress.com
Not Exactly

4. INFORMATION SECURITY
Background
5%
Information
Gathering
5%
Manual testing
50%
Tools
10%
Remediations
10%
Documentation
10%
Risk assesment
10%
http://solidmonster.wordpress.comhttp://solidmonster.wordpress.com

5. INFORMATION SECURITY
 Background
 Basics of Internet and web applications
 Information gathering
 Platform details, application knowledge, domain knowledge…
 Manual testing
 SQL Injection, XSS, URL redirection…
 Tools
 Scanners
 Sniffers
 Remediation
 Suggestions
 Documentation
 Custom Reports
 Risk assessment
http://solidmonster.wordpress.com
http://solidmonster.wordpress.com

6. INFORMATION GATHERING
 Information leakage
 Whois.com
 General contact details (Mail Servers)
 List of domain names
 Google Dorks
 Shared and independent servers
 Bing Operator search
 Error messages in revealing banner information
http://solidmonster.wordpress.com

7. MANUAL TESTING
 Client and Server side validations
 SQL Injection (SQLI)
 Cross Site Scripting (XSS)
 Cross-Site Request Forgery (CSRF)
 URL Redirection
 Broken Authentication and Session Management
 E-Shop Lifting
 Failure to restrict URL access
 Direct Traversals
 File Uploads
http://solidmonster.wordpress.com

8. AUTOMATED TOOLS
 Tools automate the ‘attack’ on the web application/database server.
 Send protocol specific requests to the server to test for common
vulnerabilities
 How they work ?
 Signature based
 Phases
 Crawl
 Audit (attack)
 Report
 Tools
 AppScan – IBM
 WebInspect – HP
 Accunetix
 Nessus
 Nmap
 Fiddler/ Wireshark
http://solidmonster.wordpress.com

9. AUTOMATED TOOLS
 Good at
 Testing for 100s of common vulnerabilities and mis-configurations that are
impractical to test for manually
 Regression testing of servers to ensure they stay secure – especially after activities
like patching or new code deployment
 Ability to schedule automated scanning/testing for off-production hours to avoid
conflicts
 Not good at
 Automated tools are most effective at ‘guessing’ and using known signatures to
identify issues
 Detailed exploits that require intelligent feedback and analysis
 Can not find business logic bugs
 False positives
 Cannot depend on tool blindly
http://solidmonster.wordpress.com

10. REPORTS
 Documentation – You cant just stop with report which was generated by
automated tool. You may even have to provide the customized report
which can explain in a better way.
 To make it understandable to the organization (developers).
 Mostly PDF formats
 NDA – Non Disclosure Agreements
 Report
 Who tested it?
 Disclaimers
 Environment details
 Summary
 Technical Details
 Risk of not fixing
 Description,
 Reproduction steps
 Suggestions
http://solidmonster.wordpress.com

11. OWASP TOP 10
 A1: Injection
 A2: Cross-Site Scripting (XSS)
 A3: Broken Authentication and Session Management
 A4: Insecure Direct Object References
 A5: Cross-Site Request Forgery (CSRF)
 A6: Security Misconfiguration
 A7: Insecure Cryptographic Storage
 A8: Failure to Restrict URL Access
 A9: Insufficient Transport Layer Protection
 A10: Unvalidated Redirects and Forwards
http://solidmonster.wordpress.com

12.  Its just a small intro on Security Testing! Though if anyone are
interested, feel free to contact me by just searching me on Google
 He knows everything about me. He would help you in finding my
contact details.
http://solidmonster.wordpress.com